Canonical/Ubuntu Leftovers
-
Ubuntu ☛ KubeCon Europe 2025: Containers & Connections with Ubuntu
It’s hard to believe that the first KubeCon took place nearly 10 years ago. Back then, Kubernetes was still in its early days, and the world was only just beginning to understand the power of container orchestration.
-
Ubuntu ☛ The State of Silicon and Devices – Q1 2025 Roundup
Welcome to the first quarterly roundup on the State of Silicon and Devices by Canonical. Q1 has seen lots of announcements in the areas of Edge AI and cybersecurity.
-
Ubuntu News ☛ Ubuntu 25.04 (Plucky Puffin) Beta released
The Ubuntu team is pleased to announce the Beta release of the Ubuntu 25.04 Desktop, Server, and Cloud products. Ubuntu 25.04, codenamed “Plucky Puffin”, continues Ubuntu’s proud tradition of integrating the latest and greatest open source technologies into a high-quality, easy-to-use GNU/Linux distribution.
More on security:
-
Qualys discovers three bypasses of Ubuntu's unprivileged user namespace restrictions
The Qualys Threat Research Unit (TRU) says it has uncovered three flaws in Ubuntu's unprivileged user namespace restrictions that could allow a local attacker to gain full administrative capabilities.
Linux distributions generally allow unprivileged users to create namespaces that help in creating containers and additional sandboxing functionality for programs such as container runtimes, but that also creates a weak spot.
"Most major Linux distributions permit unprivileged users to create namespaces in which they effectively gain full administrative rights," said Saeed Abbasi, manager, vulnerability research, at Qualys. "While beneficial for creating containers and sandboxes, this significantly expands the kernel's attack surface."
-
New Ubuntu Linux security bypasses require manual mitigations
Three security bypasses have been discovered in Ubuntu Linux’s unprivileged user namespace restrictions, which could enable a local attacker to exploit vulnerabilities in kernel components.
-
Ubuntu’s New Unprivileged User Namespace Feature Comes With New Vulnerabilities
Those running Ubuntu 23.10 and newer need to make some changes to their system configuration to deal with serious issues with the new unprivileged user namespaces feature. These namespaces should create an isolated sandbox where a user can be granted any permissions, such as root, which they might need inside that container but without granting them escalated privileges outside of that namespace. That would be a great feature, if it worked as intended. Unfortunately the default settings offer three different ways to create a new unprivileged user namespace with full root privileges for the entire system.
-
Ubuntu namespace vulnerability should be addressed quickly: Expert
Linux admins who have enabled the unprivileged user namespace restriction in their recent Ubuntu environments should take action to close three new vulnerabilities that allow a threat actor to bypass the supposed protection.
This warning comes after researchers at Qualys found three different ways this hardening feature can, under certain circumstances, be bypassed.
“It needs to be addressed quickly,” said Robert Beggs, CEO of Canadian incident response firm DigitalDefence, which has several Ubuntu-based applications in its portfolio, “because it facilitates other exploits. By itself, not a major thing. But if something else comes out it can be chained to these [vulnerabilities] and cause a lot of damage.”
Late one:
-
Qualys Finds Three Security Bypasses In Ubuntu’s Unprivileged User Namespace Restrictions
The Qualys Threat Research Unit (TRU) has uncovered three security bypasses in Ubuntu’s unprivileged user namespace restrictions.
Researchers disclosed these vulnerabilities to the Ubuntu Security Team on 15 January this year, and have been working with them ever since.
Researchers found three distinct bypasses of these namespace restrictions, each of which would allow bad actors to create user namespaces with full administrative capabilities.
“These bypasses facilitate exploiting vulnerabilities in kernel components requiring powerful administrative privileges within a confined environment. The restrictions on unprivileged user namespaces were initially introduced in Ubuntu 23.10 and enabled by default in Ubuntu 24.04,” Qualys explained.